a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e

Analysis

max time kernel
121s
max time network
150s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 21:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe
Size

396KB
MD5

cfd10f3e07b72778651f4061ba8a779e
SHA1

ca0063af76f2faf349b5de2e5a0b07ad08c58f26
SHA256

a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e
SHA512

1902a2a2cab4de68ff0d21d00b122f60470e7445967dc95901d9c091f84b03f58b0ab45366cffd8984ce9625921b48156ba4a2b7675ad67a79363f27998e5672
SSDEEP

6144:5NShUOqW5XJ6EDOpvOCm5MNuAOo7J2TH97LagSzyGrVYNTDK842caI+Eqwh:5N8dqW5sEe2uuaYTH97LumGr+DDVwh

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2792 set thread context of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2656	2792	WerFault.exe	16
2716	2600	WerFault.exe	28

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2600	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	28
PID 2792 wrote to memory of 2656	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	29
PID 2792 wrote to memory of 2656	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	29
PID 2792 wrote to memory of 2656	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	29
PID 2792 wrote to memory of 2656	2792	a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe	29
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30
PID 2600 wrote to memory of 2716	2600	AppLaunch.exe	30

C:\Users\Admin\AppData\Local\Temp\a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe
"C:\Users\Admin\AppData\Local\Temp\a480471b4833f5752a68fd167be68de69a271df277e0e27af573f399ec0a547e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 196
    3⤵
    - Program crash
    PID:2716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 52
  2⤵
  - Program crash
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2600-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2600-11-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads